(1)
Sender ip | 45.137.22.71 |
From | "Jashpal Singh <[email protected]>" |
Subject | "RE: LPO-SCREEN MESH" |
Attachment | "LPO PRECISION MESHES 2352104321QQ.pdf.r11" |
MD5 | 740d0fb7a4addd333ba056dea2fabf3a |
SHA256 | 528af553a32a89601588f39b35e8b2714cd479bc47648b007a564136485e3e0e |
Family | Formbook |
(2)
Sender ip | 195.231.66.125 |
From | "Nguyen Phuong Thuy <[email protected]>" |
Subject | "New Order" |
Attachment | (New order - List of New Order).zip |
MD5 | 32246920e52fd4ef5cc1bd49811a2344 |
SHA256 | 40a337fe26c8929fa7d4cb2c750b03d160d1ce1addc9ea0f7abfb71c242a07f0 |
Family | ModiLoader |
(3)
Sender ip | 185.136.163.190 |
From | "Louis Morgan Groups<[email protected]>" |
Subject | "Order List" |
Attachment | "Order List.zip" |
MD5 | c3c073bdc64b2ae06490024e9f0d1c63 |
SHA256 | 823f97c8ef07b2edfa84d898cf7987a0c18bc742fb458aeb99c97f49ad3fe64b |
Family | AgentTesla |
(4)
Sender ip | 45.137.22.71 |
From | "Echo Wu <[email protected]>" |
Subject | "update prices of attached items" |
Attachment | "update order of attached items.r00" |
MD5 | 8f0088d768489196c279a1c8adc70a20 |
SHA256 | a32bb58209626c22868278a90a0956495039289cf88d33d085419b9a8259266f |
Family | Unknown |
(5)
Sender ip | 185.222.57.157 |
From | |
Subject | "RE: BALANCE TRANSFER SWIFT COPY.." |
Attachment | "SWIFT COPY..rar" |
MD5 | cf8fe5bfba132a425f4b79f1247e8554 |
SHA256 | 181ee3a7d7eed5331b58011e1088533b45734c5f7928dd4b4cc78ac3def5f90b |
Family | AgentTesla |
(6)
Sender ip | 185.222.57.171 |
From | |
Subject | "order #127" |
Attachment | "NA090900000.LzH" |
MD5 | 0b934403f656857cffcff32823b6f8de |
SHA256 | d0dde788e773c61239053ee6dffff5e83043310ef27efac0f6d8275af0971b57 |
Family | NanoCore |
(7)
Sender ip | 45.137.22.71 |
From | "T. HALK BANKASI<[email protected]>" |
Subject | "T.HALK BANKASI A.S.Hesap Ekstresi" |
Attachment | "Halkbank,doc 00100210210.r11" |
MD5 | 9a900a84e85e6bfe1ac6e55873aa262a |
SHA256 | 256ddf8556d759c829d9ebfb85e2ec242b3bf94d38f2cbf9edfb5c780973a256 |
Family | Formbook |
(8)
Sender ip | 142.4.18.137 |
From | |
Subject | "PI OUI899484 BOX .PAKE" |
Attachment | "OUI.899484... BOX.gz" |
MD5 | 842a0115077cd223a12d31d352498924 |
SHA256 | 92ec45e9b52f0cb624e34c317a8c4f122acb9ba62be1ff6088625d96e555ddb8 |
Family | unknown |
(9)
Sender ip | 185.222.57.157 |
From | |
Subject | "RE: BALANCE TRANSFER SWIFT COPY.." |
Attachment | "SWIFT COPY..r00" |
MD5 | f489aa535f8096ab6b278616ef4c4484 |
SHA256 | 8e47a1d341da073d6d19310578ee44144f0d86d1b50613b631ec0a2688204ed1 |
Family | AgentTesla |
(10)
Sender ip | 185.222.58.156 |
From | "=?UTF-8?B?xLBNTcSwQg==?= <[email protected]>" |
Subject | "Payment_Swift_TT_Copy_Original.pdf ///Re: Instructions for Payment" |
Attachment | "Payment_Swift_0096986854748574.r00" |
MD5 | 8303923a596fd9cbcc7ffe4caa2ea8c8 |
SHA256 | 17967badb8bb0e2240386e286f05c9c00bcd74a991f5230ea20b2db610d8cc07 |
Family | SnakeKeylogger |
(11)
Sender ip | 185.222.57.162 |
From | "Naney Jasmin Estrada(Ms.)<[email protected]>" |
Subject | "RE:Proforma IO108090" |
Attachment | "Proforma IO108090.zip" |
MD5 | 4885ff083ce141b9ca9110bff8219723 |
SHA256 | b2eadc92f226dcdda1217fc2548ccba1479c8e50bd24b25123215a926aacf7a5 |
Family | AgentTesla |
(12)
Sender ip | 45.156.23.236 |
From | "Steve Park <[email protected]>" |
Subject | "RE: Overdue Charge Payment" |
Attachment | "Bank Details.rar" |
MD5 | 7a8c59a4794d9ec5a8b0256f5e339bd5 |
SHA256 | 3e4dfe7c5416c432107685e308c803d888df1f5d78949a11c535ee926216c635 |
Family | SnakeKeylogger |
(13)
Sender ip | 51.89.208.80 |
From | |
Subject | "Appraisal Loan Report." |
Attachment | "Appraisa-reportl11002275444900.zip" |
MD5 | e8ca9498986b1c304ad639874335339f |
SHA256 | 6fdcc4b886c1ddcd5a76bfb4f8c79cf39f7c3c3fbe08cee92fa5a8eeafc57e43 |
Family | RemcosRAT |
(14)
Sender ip | 103.133.105.111 |
From | "Atina Wu <[email protected]>" |
Subject | "*URGENT SUPPLY* QUOTE B1020363" |
Attachment | "QUOTE B1020363.PDF.gz" |
MD5 | adfcfecea283e97f3cda3be4baffa7e9 |
SHA256 | 104f4489ec8b1b693b839dc39082f5f07e569be7728dbd3e0d8172a76f6dce68 |
Family | Formbook |
(15)
Sender ip | 45.137.22.57 |
From | |
Subject | "RE: PAYMENT COPY" |
Attachment | "Payment.zip" |
MD5 | d6ea4160f408cce8aae4a84d37d9e921 |
SHA256 | 40697fea925326e0b55469750354352c0c7d36f7abe00699e013e55e9afeae2d |
Family | AgentTesla |
(15)
Sender ip | 185.222.57.90 |
From | |
Subject | "GS_ PO NO.186/2021" |
Attachment | "GS_ PO NO.1862021.zip" |
MD5 | 1eadad01709a0294e51f5b64462059fc |
SHA256 | 399a8f899ba8d8ef02ecfd588fcbe4c0e85d59d8a51bb3127dc3e5fc451d278b |
Family | AgentTesla |
(16)
Sender ip | 93.189.41.228 |
From | "BlueLinx Holdings <[email protected]>" |
Subject | "DocuSign: Equipment #9517" |
Attachment | "inv_1021910698_364846394.rar" |
MD5 | 5ad1b1fa3cff6f806797b77545461fd0 |
SHA256 | 730deb695698a67f2b135c9b836b112f03d2b94ad9cc1bb9d38513b2a8bbf7bd |
Family | Quakbot |
(17)
Sender ip | 82.194.90.139 |
From | "sekretary <[email protected]>" |
Subject | "=?UTF-8?Q?=D1=81=D1=87=D0=B5=D1=82-=D0=BF=D1=80=D0=BE=D1=84?= =?UTF-8?Q?=D0=BE=D1=80=D0=BC=D0=B0?=" |
Attachment | "счет-проформа pdf.zip" |
MD5 | d625f80e4f8359aa969eef872133ad03 |
SHA256 | 083a56cd6197597aae81782b47d6aaead5b6ec08245b6603845aaa425645dd1e |
Family | FormBook |
(18)
Sender ip | 62.113.202.77 |
From | "Rahmatullah khan<[email protected]>" |
Subject | "Update of PI AAAQ pending orders0308 D2101002610 air shipment" |
Attachment | "pending orders0308 D2101002610 pdf.7z" |
MD5 | 7d9224e610eab56f6a2276a8f31f8cc7 |
SHA256 | c76e376abdeb8103dc00f7c3b68cdf6a685cc5578269b83edc249fa0693cb973 |
Family | FormBook |
(19)
Sender ip | 93.189.41.228 |
From | "BlueLinx Holdings <[email protected]>" |
Subject | "DocuSign: Equipment #9517" |
Attachment | "inv_1021910698_364846394.rar" |
MD5 | 5ad1b1fa3cff6f806797b77545461fd0 |
SHA256 | 730deb695698a67f2b135c9b836b112f03d2b94ad9cc1bb9d38513b2a8bbf7bd |
Family | Quakbot |
Article Link: https://menshaway.blogspot.com/2021/04/phishing-attacks-2142021.html